https://community.hpe.com/t5/operating-system-hp-ux/security-implementation-on-etc-fstab/m-p/4504789#M365136 again a completely pointless exercise as even if I set permissions on /etc/fstab to 600, a non priviliged user can still exceute bdf, df and "/sbin/mount -p" to see what filesystems are mounted.<BR /><BR />Your client is wasting his time with these sort of unconsidered security measures...<BR /><BR />HTH<BR /><BR />Duncan Tue, 29 Sep 2009 10:38:28 GMT Duncan Edmonstone 2009-09-29T10:38:28Z https://community.hpe.com/t5/operating-system-hp-ux/security-implementation-on-etc-fstab/m-p/4504788#M365135 In course of hardening my hp-ux box, what all can be done in /etc/fstab. Like modifying permissions etc<BR /><BR />What all filesystems may need it Tue, 29 Sep 2009 10:22:54 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-implementation-on-etc-fstab/m-p/4504788#M365135 Spark_2 2009-09-29T10:22:54Z https://community.hpe.com/t5/operating-system-hp-ux/security-implementation-on-etc-fstab/m-p/4504789#M365136 again a completely pointless exercise as even if I set permissions on /etc/fstab to 600, a non priviliged user can still exceute bdf, df and "/sbin/mount -p" to see what filesystems are mounted.<BR /><BR />Your client is wasting his time with these sort of unconsidered security measures...<BR /><BR />HTH<BR /><BR />Duncan Tue, 29 Sep 2009 10:38:28 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-implementation-on-etc-fstab/m-p/4504789#M365136 Duncan Edmonstone 2009-09-29T10:38:28Z https://community.hpe.com/t5/operating-system-hp-ux/security-implementation-on-etc-fstab/m-p/4504790#M365137 Hi:<BR /><BR />Yes, I wonder...is this security by obscurity?<BR /><BR />The standard permission are -rw-r--r-- with root ownership. What's the problem with being able to see what's mounted? If that's an issue, you have far deeper problems in my opinion.<BR /><BR />Regards!<BR /><BR />...JRF... Tue, 29 Sep 2009 10:40:25 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-implementation-on-etc-fstab/m-p/4504790#M365137 James R. Ferguson 2009-09-29T10:40:25Z https://community.hpe.com/t5/operating-system-hp-ux/security-implementation-on-etc-fstab/m-p/4504791#M365138 :-)...well is client is God<BR /><BR />its like he wants to control the permissions of mounted fs like:<BR /><BR />/dev/hda5 /tmp ext2 rw,nosuid,nodev,noexec, 1 2<BR />/dev/hda9 /home ext2 rw,nosuid,nodev 1 2<BR /><BR />My question is what all fs should be controlled and what should be the permissions Tue, 29 Sep 2009 10:41:01 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-implementation-on-etc-fstab/m-p/4504791#M365138 Spark_2 2009-09-29T10:41:01Z https://community.hpe.com/t5/operating-system-hp-ux/security-implementation-on-etc-fstab/m-p/4504792#M365139 Any user can type "mount" or "bdf" or "df" and get the mounted filesystems.<BR /><BR />There is nothing special in /etc/fstab. It is volumes and filesystems and everybody knows and expects that. What kind of server is this, how many end users are on and what are you protecting yourself from? Tue, 29 Sep 2009 10:45:55 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-implementation-on-etc-fstab/m-p/4504792#M365139 TTr 2009-09-29T10:45:55Z https://community.hpe.com/t5/operating-system-hp-ux/security-implementation-on-etc-fstab/m-p/4504793#M365140 I want to set the best security on the filesystem permissions. Like<BR /><BR />/dev/hda5 /tmp ext2 rw,nosuid,nodev,noexec, 1 2<BR />/dev/hda9 /home ext2 rw,nosuid,nodev 1 2<BR /><BR /><BR />What all filesystems should be controlled and with what permissions please Tue, 29 Sep 2009 10:49:20 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-implementation-on-etc-fstab/m-p/4504793#M365140 Spark_2 2009-09-29T10:49:20Z https://community.hpe.com/t5/operating-system-hp-ux/security-implementation-on-etc-fstab/m-p/4504794#M365141 Hi (again):<BR /><BR />&gt; /dev/hda5 /tmp ext2 rw,nosuid,nodev,noexec, 1 2<BR /><BR />This looks like a snippet from an AIX box, not HP-UX.<BR /><BR />That said, I would mark non-OS filesystems as 'nosuid' if you want to increase your security. If I am correct, and this is AIX, I suggest you read those manpages and decide what additional protection those options might offer.<BR /><BR />Regards!<BR /><BR />...JRF... Tue, 29 Sep 2009 10:58:47 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-implementation-on-etc-fstab/m-p/4504794#M365141 James R. Ferguson 2009-09-29T10:58:47Z https://community.hpe.com/t5/operating-system-hp-ux/security-implementation-on-etc-fstab/m-p/4504795#M365142 ok...for an HPUX box...what all filesystems should be controlled and how Tue, 29 Sep 2009 11:15:12 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-implementation-on-etc-fstab/m-p/4504795#M365142 Spark_2 2009-09-29T11:15:12Z https://community.hpe.com/t5/operating-system-hp-ux/security-implementation-on-etc-fstab/m-p/4504796#M365143 Hi (again):<BR /><BR />&gt; ok...for an HPUX box...what all filesystems should be controlled and how<BR /><BR />I answered that in my response above when I pointed out the some of your mount options were appropriate to AIX servers. Read my response again.<BR /><BR />...JRF... Tue, 29 Sep 2009 11:18:40 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-implementation-on-etc-fstab/m-p/4504796#M365143 James R. Ferguson 2009-09-29T11:18:40Z